how does authenex A-Key 3600 OTP works, how did it authenticate with network

Question

one of my friend working in MNC, one-day bze of some network issues in his company, he came back to home and he started working from home, after connecting to the internet he connected to the organization proxy and he used a device authenex A-Key 3600, as a web developer I didn't understand that device can generate 8 digits random number as password, I know how to generate it, but still I didn't understand how did that OTP authenticate network which is randomly generated in a small device, I believe it's an Offline Device

Answer 1

This device uses HOTP (RFC 4226) algorithm to produce OTPs. Basically, this algorithm just mixing and hashing two things: a secret key and a counter.

The secret key is a random string, known only by an authentication server and by the one's particular device (token). The counter is incremented after each OTP generation.

Working by the same algorithm and knowing the same input data (the secret and the counter) the token and server receive the same result (OTP). So there is no need to have any network between auth server and tokens, they work independently.

Also, please, take into account, that HOTP algorithm is pretty old and nowadays TOTP is more preferable. TOTP algorithm uses current time instead of a counter, so received OTPs has a limited validity period, which is better for security reasons. There is also TOTP tokens with NFC, which can be easily added to any compliant system.